Re: GnuTLS considered harmful



--On Thursday, February 21, 2008 12:06 AM -0800 Howard Chu <hyc@symas.com> wrote:

I expect that a port to Mozilla's NSS wouldn't be
too much more difficult, although of course Howard would be the person to
ask for an estimate.

I would think there are other developers here who are familiar with Mozilla NSS and can read the code in libldap/tls.c. It's certainly not high on my list at the moment since OpenSSL works for me. One thing that I find rather annoying about NSS is its use of a private certificate/keystore that requires additional tools to manipulate.

When Stanford was looking at an OpenSSL alternative, Mozilla's NSS was brought up then. There was a discussion on IRC's #ldap channel about it at that time, IIRC, and it was found deficient in a number of areas. Not that I recall what they all were. ;)


--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration